Using Azure AD as your identity provider

Prerequisites

To connect BigAnimal to Azure AD, you must either:

  • Have one of the following roles in Azure:

    • Global Administrator
    • Cloud Application Administrator
    • Application Administrator
  • Be the owner of the service principal

A unique URL and access code are provided in an email from cloudcare@enterprisedb.com. Contact cloudcare@enterprisedb.com if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. For issues with the code or identity provider setup, contact Support.

Set up BigAnimal with Azure AD

  1. To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from cloudcare@enterprisedb.com.

  2. In a separate browser tab or window, log into the Azure Active Directory Admin Center.

  3. From the left navigation pane, select Enterprise Applications. On the Enterprise Applications page:

    1. Select New application > Create your own application.

    2. Enter a name for your application.

    3. Select the third choice for what you intend to do with your application: Integrate any other application you don’t find in the gallery (Non-gallery).

  4. After the application is created, from the left navigation menu, select Single sign-on. On the Single sign-on page:

    1. Select SAML as your single sign-on method.

    2. Update the Basic SAML Configuration by copying and pasting the following information from the Set Up Identity Provider page in BigAnimal to the SAML Configuration menu in Azure AD:

      Copy from BigAnimalPaste in SAML Configuration
      Audience URIIdentifier (Entity ID)
      Assertion Consumer Service URLReply URL
    3. Enter the configuration for Attributes & Claims. We recommend the following:

      Claim nameValueNote
      Unique User Identifier (Name ID)user.userprincipalname [nameid-format:emailAddress]Required claim
      <assertion_path>/emailaddressuser.mailAdditional claim
      <assertion_path>/givennameuser.givennameAdditional claim
      <assertion_path>/nameuser.displaynameAdditional claim
      <assertion_path>/surnameuser.surnameAdditional claim

      Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims.

    4. Under SAML Signing Certificate, select Download for the Base64-encoded certificate.

    5. Copy the Login URL value.

  5. From the left navigation pane, Select Properties. On the Properties page, if you don't want all of the users in Azure AD to use BigAnimal, answer No for the Assignment required? question. Otherwise, answer Yes and assign the specified users to this Enterprise Application explicitly on the Users and Groups page.

  6. On the Setup Config tab on the Set Up Identity Provider page in BigAnimal:

    1. Paste the Login URL value you copied from the Single sign-on page in Azure AD as the Single Sign-On URL.
    2. For Identity Provider Signature Certificate, upload the Base64-encoded certificate downloaded from Azure.
    3. Select the appropriate method for Request Binding. Azure AD supports HTTP-POST and Hybrid.
    4. Select the appropriate value for Response Signature Algorithm. Azure AD supports rsa-sha256 and rsa-sha1.
    5. Select Test Connection. If the connection is successful, select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.